c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs - convert between sudoers file formats
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs [-\b-h\bhV\bV] [-\b-f\bf _\bf_\bo_\br_\bm_\ba_\bt] [-\b-o\bo _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be] [_\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bf_\bi_\bl_\be]
+ c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs [-\b-h\bhV\bV] [-\b-b\bb _\bd_\bn] [-\b-f\bf _\bf_\bo_\br_\bm_\ba_\bt] [-\b-o\bo _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bi_\bl_\be] [_\bs_\bu_\bd_\bo_\be_\br_\bs_\b__\bf_\bi_\bl_\be]
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
c\bcv\bvt\bts\bsu\bud\bdo\boe\ber\brs\bs can be used to convert a policy file in _\bs_\bu_\bd_\bo_\be_\br_\bs format to
The options are as follows:
- -\b-f\bf, -\b--\b-f\bfo\bor\brm\bma\bat\bt
+ -\b-b\bb _\bd_\bn, -\b--\b-b\bba\bas\bse\be=_\bd_\bn
+ The base DN (distinguished name) that will be used when
+ performing LDAP queries. Typically this is of the form
+ ou=SUDOers,dc=example,dc=com for the domain example.com. If
+ this option is not specified, the value of the SUDOERS_BASE
+ environment variable will be used instead. Only necessary
+ when converting to LDIF format.
+
+ -\b-f\bf _\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bo_\br_\bm_\ba_\bt, -\b--\b-f\bfo\bor\brm\bma\bat\bt=_\bo_\bu_\bt_\bp_\bu_\bt_\b__\bf_\bo_\br_\bm_\ba_\bt
Specify the output format. The following formats are
supported:
.HP 11n
\fBcvtsudoers\fR
[\fB\-hV\fR]
+[\fB\-b\fR\ \fIdn\fR]
[\fB\-f\fR\ \fIformat\fR]
[\fB\-o\fR\ \fIoutput_file\fR]
[\fIsudoers_file\fR]
.PP
The options are as follows:
.TP 12n
-\fB\-f\fR, \fB\--format\fR
+\fB\-b\fR \fIdn\fR, \fB\--base\fR=\fIdn\fR
+The base DN (distinguished name) that will be used when performing
+LDAP queries.
+Typically this is of the form
+\fRou=SUDOers,dc=example,dc=com\fR
+for the domain
+\fRexample.com\fR.
+If this option is not specified, the value of the
+\fRSUDOERS_BASE\fR
+environment variable will be used instead.
+Only necessary when converting to LDIF format.
+.TP 12n
+\fB\-f\fR \fIoutput_format\fR, \fB\--format\fR=\fIoutput_format\fR
Specify the output format.
The following formats are supported:
.PP
.Sh SYNOPSIS
.Nm cvtsudoers
.Op Fl hV
+.Op Fl b Ar dn
.Op Fl f Ar format
.Op Fl o Ar output_file
.Op Ar sudoers_file
.Pp
The options are as follows:
.Bl -tag -width Fl
-.It Fl f , -format
+.It Fl b Ar dn , Fl -base Ns = Ns Ar dn
+The base DN (distinguished name) that will be used when performing
+LDAP queries.
+Typically this is of the form
+.Li ou=SUDOers,dc=example,dc=com
+for the domain
+.Li example.com .
+If this option is not specified, the value of the
+.Ev SUDOERS_BASE
+environment variable will be used instead.
+Only necessary when converting to LDIF format.
+.It Fl f Ar output_format , Fl -format Ns = Ns Ar output_format
Specify the output format.
The following formats are supported:
.Bl -tag -width 8n
sudoers LDAP schema so they are expanded during the conversion.
.El
.El
-.It Fl h , -help
+.It Fl h , Fl -help
Display a short help message to the standard output and exit.
.It Fl o Ar output_file , Fl -output Ns = Ns Ar output_file
Write the converted output to
*/
struct sudo_user sudo_user;
struct passwd *list_pw;
-static const char short_opts[] = "f:ho:V";
+static const char short_opts[] = "b:f:ho:V";
static struct option long_opts[] = {
+ { "base", required_argument, NULL, 'b' },
{ "format", required_argument, NULL, 'f' },
{ "help", no_argument, NULL, 'h' },
#ifdef notyet
enum output_formats output_format = output_ldif;
const char *input_file = "-";
const char *output_file = "-";
+ const char *sudoers_base = NULL;
debug_decl(main, SUDOERS_DEBUG_MAIN)
#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
*/
while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
switch (ch) {
- case 'f':
- if (strcasecmp(optarg, "json") == 0) {
- output_format = output_json;
- } else if (strcasecmp(optarg, "ldif") == 0) {
- output_format = output_ldif;
- } else {
- sudo_warnx("unsupported output format %s", optarg);
- usage(1);
- }
- break;
- case 'h':
- help();
- break;
- case 'o':
- output_file = optarg;
- break;
- case 'V':
- (void) printf(_("%s version %s\n"), getprogname(),
- PACKAGE_VERSION);
- (void) printf(_("%s grammar version %d\n"), getprogname(),
- SUDOERS_GRAMMAR_VERSION);
- exitcode = EXIT_SUCCESS;
- goto done;
- default:
+ case 'b':
+ sudoers_base = optarg;
+ break;
+ case 'f':
+ if (strcasecmp(optarg, "json") == 0) {
+ output_format = output_json;
+ } else if (strcasecmp(optarg, "ldif") == 0) {
+ output_format = output_ldif;
+ } else {
+ sudo_warnx("unsupported output format %s", optarg);
usage(1);
+ }
+ break;
+ case 'h':
+ help();
+ break;
+ case 'o':
+ output_file = optarg;
+ break;
+ case 'V':
+ (void) printf(_("%s version %s\n"), getprogname(),
+ PACKAGE_VERSION);
+ (void) printf(_("%s grammar version %d\n"), getprogname(),
+ SUDOERS_GRAMMAR_VERSION);
+ exitcode = EXIT_SUCCESS;
+ goto done;
+ default:
+ usage(1);
}
}
argc -= optind;
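Review bot: In `case 'b'` the DN is stored straight from `optarg` with no check, and a later hunk hands it to `convert_sudoers_ldif(output_file, sudoers_base)`, presumably to build the `dn:` lines of the LDIF output. An empty string, or a value containing a newline or other control character, could then yield malformed or extra LDIF lines in a file that is meant to be imported into the directory holding sudo policy. Rejecting such values at parse time is cheap: `if (*optarg == '\0' || strpbrk(optarg, "\r\n") != NULL) { sudo_warnx("invalid base DN %s", optarg); usage(1); }` before the assignment. The same check belongs on the SUDOERS_BASE fallback, which is not visible here. main()'s body starts and ends outside the hunk.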
exitcode = !convert_sudoers_json(output_file);
break;
case output_ldif:
- exitcode = !convert_sudoers_ldif(output_file, NULL);
+ exitcode = !convert_sudoers_ldif(output_file, sudoers_base);
break;
default:
sudo_fatalx("error: unhandled output format %d", output_format);
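Review bot: `sudoers_base` is still NULL at this call whenever `-b` was not given, and nothing in the hunk says what `convert_sudoers_ldif()` does with a NULL base. The manual text added by this commit promises a fallback to the SUDOERS_BASE environment variable, so a comment at the call such as `/* NULL base: convert_sudoers_ldif() falls back to SUDOERS_BASE */` would tie the two together, assuming that is where the fallback lives. It is also worth confirming that the conversion fails with a clear error when neither source is set, and that `-b` combined with `-f json` is either rejected or documented as ignored, since the `output_json` branch never reads it. The enclosing switch starts and ends outside the hunk.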
usage(int fatal)
{
(void) fprintf(fatal ? stderr : stdout,
- "usage: %s [-hV] [-f format] [-o output_file] [sudoers_file]\n",
+ "usage: %s [-hV] [-b dn] [-f format] [-o output_file] [sudoers_file]\n",
getprogname());
if (fatal)
exit(1);
(void) printf(_("%s - convert between sudoers file formats\n\n"), getprogname());
usage(0);
(void) puts(_("\nOptions:\n"
+ " -b, --base=dn the base DN for sudo LDAP queries\n"
" -f, --format=JSON|LDIF specify output format (JSON or LDIF)\n"
" -h, --help display help message and exit\n"
" -o, --output=output_file write converted sudoers to output_file\n"